New Capabilities Include Integrated and Interactive Dashboards Along with New Modules for Managing Enterprise Assets and Compliance Questionnaires

San Francisco, Calif., - September 29, 2011 - Qualys®, Inc., the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions, today announced at its ninth annual Qualys Security Conference (QSC) 2011, twitter #qsc2011, that it will showcase new capabilities and significant expansions to its QualysGuard security as a service platform that hosts Qualys’ IT security and compliance Software-as-a-Service (SaaS) suite of applications in the cloud.

The QualysGuard IT Security and Compliance Suite leverages a powerful security-as-a-service platform and a context- and role-based user interface (UI) to deliver powerful services, including vulnerability management (VM), policy compliance (PC), PCI compliance, web application scanning (WAS) and malware detection – through a single unified web portal. At the conference, Qualys will unveil new powerful features for the QualysGuard suite featuring new interactive dashboards and new capabilities, making it easier than ever for companies to protect IT assets and data from possible security threats.

“We have been a QualysGuard subscriber since 2004 and watched the solution evolve from a VM solution to an integrated suite of security and compliance offerings – delivered via the cloud,” said Dan Klinger, Sr. Manager, Global Information Security, The Hershey Company. “Now we are using the full capabilities of the QualysGuard suite to detect vulnerabilities in our environment and effectively collect compliance data for our GRC initiatives. This solution is a game changer as it gives us comprehensive visibility from a central point.”

The Qualys Security Conference (QSC) taking place in San Francisco on the 29th & 30th September is the first of a series of QSC events planned to take place in several countries this autumn. The QSC in London on 10th November will be the first opportunity for UK customers of Qualys to hear details of these announcements and review the new features in the UK.

New features available now in QualysGuard include:

New Dashboard Views and Reports. New VM and PC dashboard views provide interactive at-a-glance views of customer’s security and compliance postures. PC also now features a Policy Summary report, providing a one-page summary of compliance status for a specific policy.

Policy Import/Export. PC now provides the ability to share and create policies using simple XML files. This makes it easy for customers and auditors to collaborate on GRC efforts.

Patch Report Enhancements. Patch report provides actionable information for administrators to remediate vulnerabilities. QualysGuard now provides the ability to both selective filter and adjust the severity of patches displayed in the report, allowing users to align patch reporting with their remediation processes and SLAs.

Oracle Patch (OPatch) Detections. OPatch is an Oracle-supplied utility that helps Oracle users apply and rollback patches for Oracle software. QualysGuard now provides the option to use the OPatch utility to obtain Oracle patch information during Oracle authenticated scans on Unix hosts, allowing users to follow Oracle’s recommended best practices for system administration and maintenance

At the QSC 2011, Qualys engineers will also showcase significant expansions for the QualysGuard security as a service platform as part of the 2012 roadmap. Scheduled to be available in beta by Q4 2011, these include:

New Asset Module with Tagging. Asset tagging allows both static and dynamic tags to be applied to enterprise assets within QualysGuard for reporting and scanning. These tags leverage scan results and custom attributes, providing powerful grouping of assets quickly and easily. In addition to tagging, this new module provides a hierarchical grouping of tags, allowing assets to be grouped in various business views for reporting and more granular access control capabilities.

New Questionnaire and Workflow Module. Self-assessment questionnaires have been the main source for GRC solutions to collect control data. The new QualysGuard self-assessment questionnaire module provides centralised and customised compliance reporting and workflows for collecting technical and non-technical controls.

Enterprise Malware Detection Capabilities. New user interface for Malware Detection Service (MDS) allows enterprisers to manage and scan multiple web sites with enhanced and management and reporting capabilities as well as more sophisticated scheduling and scanning options. The new MDS dashboard provides a global overview of malware scans within the enterprise, allowing users to easily pinpoint web sites that are serving drive-by malware, and to monitor scan activity across multiple web sites. New reports also include trending over time and improved remediation instructions.

“In today’s rapidly changing threat landscape, the most effective way for companies to protect themselves is to accurately identify assets, identify vulnerabilities, and ensure that systems are properly configured,” said Philippe Courtot, chairman and CEO for Qualys. “Our goal is to continuously expand and improve our QualysGuard SaaS platform so customers can raise the bar when securing their assets without the cost and complexity associated with deploying enterprise software.”

Availability

QualysGuard is sold as annual subscriptions based on the number of systems and applications, and it includes training, all updates and 24x7 support. For detailed information on this latest release, visit https://community.qualys.com.

About Qualys

Qualys, Inc. is the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions. Qualys solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 5,000 organizations in 85countries, including 45 of the Fortune 100, and performs more than 500 millionIP audits per year. Qualys has the largest vulnerability management deploymentin the world at a leading global company, and has been recognized by leadingindustry analysts for its market leadership. Qualys was recently named BestSecurity Company in the Excellence Awards category of the 2011 SC Awards U.S.

Qualys has established strategic agreements with leading managed serviceproviders and consulting organizations including BT, Etisalat, Fujitsu, IBM,I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is a founding member of the Cloud Security Alliance (CSA).